MikroTik Tutorial: How to enable DNS over HTTPS (DoH)

In this MikroTik Tutorial I will show you how to configure DNS over HTTPS on your MikroTik router using either Cloudflare DNS servers or Google DNS servers.

The latest stable version of RouterOS, 6.47, adds support for DNS over HTTPS (DoH). DoH is a protocol for performing remote DNS resolution over HTTPS. It is similar to DoT (DNS over TLS) but not the same: DoT carries DNS over a dedicated TLS connection on port 853, while DoH wraps the queries in HTTPS on port 443, so it is indistinguishable from ordinary web traffic on the wire.

DNS Queries over HTTPS (DoH) is an accepted IETF standard, RFC 8484.

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks[1] by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

Wikipedia DoH page

UPDATE: RouterOS v6.47 was released to the stable channel on June 2nd 2020 with DNS over HTTPS support. I used an RB4011 router running RouterOS v6.47beta60 during testing. You will see 6.47beta60 referenced in the screenshot below but I recommend using the stable channel.

Steps to Configure DNS over HTTPS on a MikroTik Router

Time needed: 2 minutes

  1. Upgrade to RouterOS v6.47, available in the stable channel.

    System | Packages | Check for Updates

  2. Download and import root certificates

    Do this step while the router still has working DNS, because /tool fetch has to resolve curl.haxx.se. Note that fetch does not validate the server's TLS certificate by default, so if you care about the integrity of the bundle, compare the downloaded file against the checksum published alongside it from a trusted machine before importing it. Importing the bundle makes every CA in it trusted for certificate verification on the router, which is what the "Verify DoH Certificate" check in step 5 relies on.

    /tool fetch url=https://curl.haxx.se/ca/cacert.pem
    /certificate import file-name=cacert.pem passphrase=""
    Root CA certificates

  3. Remove DNS servers

    In Winbox open IP | DNS and remove the existing Servers. This ensures no query can fall back to plaintext DNS on port 53. If your WAN DHCP client has "Use Peer DNS" enabled it will keep re-adding the ISP's servers as dynamic servers, so disable that option as well (IP | DHCP Client).

  4. Add a static DNS entry for the DoH hostname.

    IP | DNS | Static | +
    The router has to resolve the hostname in the DoH URL before it can send any query over DoH, and after step 3 it has no plaintext resolver to do that with. The static entries bootstrap that resolution.
    Add 2 static DNS entries for cloudflare-dns.com with Address 104.16.248.249 and 104.16.249.249.
    If you plan on using Google, add dns.google pointing to 8.8.8.8 and 8.8.4.4.
    Keep in mind that if the provider ever changes these addresses, DoH stops working until you update the static entries.

  5. Add the provider's URL to "Use DoH Server" and check the box "Verify DoH Certificate"

    For Cloudflare I added https://cloudflare-dns.com/dns-query
    Leaving "Verify DoH Certificate" unchecked makes the router accept any certificate for the DoH server, which defeats the protection against manipulation that DoH is supposed to provide. On the command line these two settings are use-doh-server and verify-doh-cert under /ip dns.
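The whole procedure from step 2 to step 5 as one RouterOS 6.47 terminal script, added here as an example (it is not code from the original article). It assumes the WAN DHCP client sits on ether1, that the router still has working DNS when the certificate bundle is fetched, and uses the Cloudflare addresses given in step 4.

```routeros
# Added example: steps 2-5 as RouterOS 6.47 CLI commands (not from the original article).
# Run this while the router can still resolve names; /tool fetch must resolve curl.haxx.se.

# 2. Fetch the Mozilla root bundle and import it. fetch does not check the server
#    certificate by default, so verify the file against the published checksum from a
#    trusted machine before importing if you care about the bundle's integrity.
/tool fetch url=https://curl.haxx.se/ca/cacert.pem
/certificate import file-name=cacert.pem passphrase=""

# 3. Drop the plaintext resolvers and stop the WAN DHCP client from re-adding the
#    ISP's servers as dynamic servers (assumption: the DHCP client is on ether1).
/ip dns set servers=""
/ip dhcp-client set [find interface=ether1] use-peer-dns=no

# 4. Static entries so the router can resolve the DoH hostname before DoH is up.
/ip dns static add name=cloudflare-dns.com address=104.16.248.249
/ip dns static add name=cloudflare-dns.com address=104.16.249.249
# Google alternative; configure only one provider in step 5:
# /ip dns static add name=dns.google address=8.8.8.8
# /ip dns static add name=dns.google address=8.8.4.4

# 5. Point the resolver at the DoH URL and require certificate verification.
/ip dns set use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes

# Throw away answers cached over plain DNS, then resolve something through DoH.
/ip dns cache flush
:put [:resolve example.com]
/ip dns print
```

If the :resolve call fails, check the log for "DoH server connection error" messages; the two most common ones are covered in the troubleshooting section. To switch to Google, change the use-doh-server URL to https://dns.google/dns-query and add the dns.google static entries instead.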

Verify that DoH is enabled and working

Cloudflare has provided a simple web status page at https://1.1.1.1/help to verify that you have configured DNS over HTTPS properly.

Configure Cloudflare DNS over HTTPS resolver

The resolver URL for Cloudflare is https://cloudflare-dns.com/dns-query as shown in the screenshot above.

Configure Google’s DNS over HTTPS resolver

The resolver URL for Google is https://dns.google/dns-query as shown in the screenshot below.

Error Messages & Troubleshooting

dns, error DoH server connection error: SSL: handshake failed: unable to get local issuer certificate (6)

This error is the result of not having root certificates installed to validate the HTTPS certificate of the DNS server URL (step 2). The fix is to import the CA bundle, not to uncheck "Verify DoH Certificate".

dns, error DoH server connection error: resolving error

This error is the result of entering only an IP address in the Use DoH Server field; it must be entered as an https:// URL. You will also see it when the router cannot resolve the hostname in that URL, which is what the static entries in step 4 are for.

Enable DNS debug logging

Another way to see what is going on with DNS queries on your MikroTik router is to enable logging for the dns topic (System | Logging). The DoH error messages above show up there.
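Enabling the dns logging topic from the terminal, forcing a lookup through the resolver and reading the result, as an added example that is not from the original article. It writes to the in-memory log and removes the logging rule afterwards so the log is not flooded; the hostname looked up is arbitrary.

```routeros
# Added example (not from the original article): temporary DNS debug logging.
# Send everything on the "dns" topic to the in-memory log buffer.
/system logging add topics=dns action=memory

# Flush cached answers so the next lookup really goes out over DoH, then resolve.
/ip dns cache flush
:put [:resolve mikrotik.com]

# Read back only the DNS lines. Healthy DoH shows no "DoH server connection error".
/log print where topics~"dns"

# Remove the rule again once you are done.
/system logging remove [find topics~"dns" and action="memory"]
```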

Verify DoH is working with Torch

To verify that DoH is configured and working, run Torch on your WAN interface and confirm you see no UDP or TCP connections to DNS port 53. In my configuration to Cloudflare I can see multiple HTTPS connections to 1.1.1.1. Keep in mind that this only covers queries that go through the router's own resolver; a LAN client configured with its own resolver, for example 8.8.8.8, still sends plaintext DNS through the router.
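The Torch check from the terminal, plus a longer-running variant using firewall log rules, added here as an example (not from the original article). It assumes the WAN interface is ether1 and that the output and forward chains have no earlier rule that accepts this traffic before the log rules are reached; the log-prefix and comment strings are arbitrary.

```routeros
# Added example (not from the original article). Assumes the WAN interface is ether1.

# Interactive check: torch only port 53 on the WAN. With DoH working the table
# stays empty; stop it with Ctrl-C.
/tool torch interface=ether1 port=53

# Longer-running check: action=log is non-terminating, so these rules only record
# plaintext DNS, they do not block it. chain=output catches the router's own
# resolver, chain=forward catches LAN clients that bypass it.
/ip firewall filter add chain=output out-interface=ether1 protocol=udp dst-port=53 \
    action=log log-prefix="plain-dns" comment="DoH leak check"
/ip firewall filter add chain=output out-interface=ether1 protocol=tcp dst-port=53 \
    action=log log-prefix="plain-dns" comment="DoH leak check"
/ip firewall filter add chain=forward out-interface=ether1 protocol=udp dst-port=53 \
    action=log log-prefix="plain-dns" comment="DoH leak check"

# After a while: counters should be zero for the output rules, and any hits on the
# forward rule name the LAN host that is still using plaintext DNS.
/ip firewall filter print stats where comment="DoH leak check"
/log print where message~"plain-dns"

# Clean up when finished.
/ip firewall filter remove [find comment="DoH leak check"]
```

If the forward rule keeps logging hits, the usual fix is a dst-nat rule that redirects LAN port 53 traffic to the router's resolver, so those clients also end up going out over DoH.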

Now you have DNS over HTTPS configured on your MikroTik Router. I hope you have enjoyed this howto article, you can find many more MikroTik Tutorials here.

Did this work for you? Let me know in the comments section below.
